Reputation: 1112
Trying regex pattern on greylog search
Hej,
I'm trying to query graylog for any message not containing something that would match the regex pattern:
(\\w+-)*\\d+
For example: some-article-x-12397
But normal regex seems not to be working for graylog. The help page doesn't give me enough information. ( http://support.torch.sh/help/kb/graylog2-web-interface/the-search-bar-explained )
Upvotes: 2
Views: 15368
Answers (3)
Reputation: 308
I do not find anywhere that Graylog2 accepts regular expressions in its Search (it does for definig streams, etc.). It just states:
Use ? to replace a single character or * to replace zero or more characters
Source: https://www.graylog.org/documentation/general/queries/
Upvotes: 2
Reputation: 300
Well it looks like you don't need to add the / at the beginning or end to denote the beginning and end of the regex.
So (\bError\b)\s+(\bEmail\b)\s+(\bsent\b) seems valid but /(\bError\b)\s+(\bEmail\b)\s+(\bsent\b)/g is not.
Upvotes: 0
Reputation: 9611
"All of these: && || : \ / + - ! ( ) { } [ ] ^ " ~ * ? have to be escaped in graylog"
If you're supposed to escape all of those characters then your expression should look like this:
\(\\w\+\-\)\*\\d\+
I escaped those characters with the following:
Pattern:
([&|:\/\\+!(){}[\]^"~*?-])
Substitution:
\\\1
Upvotes: 0
Related Questions
- Graylog Search with Regex
- How to search Graylog with a partial Text match
- Graylog search contains string
- Loggly. Using regexp for search
- Graylog2 Stream filter rule
- Regex: need an alternative for positive lookbehind
- Search graylog for string with dash and numerals?
- Graylog regex search with numbers in text
- Specific search pattern RegExp
- Regex find strings between colon